maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Markus KARG (JIRA)" <j...@codehaus.org>
Subject [jira] (MGPG-47) Support for Maven Password Encryption
Date Mon, 23 Dec 2013 08:54:45 GMT
Markus KARG created MGPG-47:
-------------------------------

             Summary: Support for Maven Password Encryption
                 Key: MGPG-47
                 URL: https://jira.codehaus.org/browse/MGPG-47
             Project: Maven GPG Plugin
          Issue Type: Wish
            Reporter: Markus KARG


To automate usage of the GPG plugin, it is needed to provide the key store password as a command
line argument. This implies that (a) a potential (automatic) user must use explicity CLI arguments
and cannot rely on the POM as the one-and-only place to store all build configuration, and
(b) everybody can read that password when inspection the build automation configuration.

Maven has the technology to encrypt passwords using a master password (and have that one stored
on a detachable USB token in encrypted way). Maven's documentation only contains examples
how to use that with repository accounts.

It would be pretty cool if the GPG plugin could use that encrypted tokens, i. e. what I would
see as the optimal solution is that Maven can use encrypted tokens anywhere in the POM as
a variable, and that the GPG plugin can read the key store password from the POM. In combination
this would allow to solve problems (a) and (b): The sole configuration location is the POM,
and the password is encrypted.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message